GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-11-26 22:52:11 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000003c WDC_WD10JPVX-22JC3T0 rev.01.01A01 931,51GB Running: 07l63n8l.exe; Driver: C:\Users\Rafal\AppData\Local\Temp\pxldypow.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\Windows\System32\win32k.sys!W32pServiceTable fffff960000a5600 15 bytes [00, 96, F2, 01, 00, 6A, 6C, ...] .text C:\Windows\System32\win32k.sys!W32pServiceTable + 16 fffff960000a5610 11 bytes [00, D7, FB, FF, 00, 7B, D1, ...] ---- User code sections - GMER 2.1 ---- .text C:\Windows\System32\dwm.exe[6876] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffe15a53e10 7 bytes JMP 00007fff13610260 .text C:\Windows\System32\dwm.exe[6876] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffe15a53e20 7 bytes JMP 00007fff13610298 .text C:\Windows\System32\dwm.exe[6876] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffe15b039b0 7 bytes JMP 00007fff13610340 .text C:\Windows\System32\dwm.exe[6876] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffe15b03ef0 7 bytes JMP 00007fff136102d0 .text C:\Windows\System32\dwm.exe[6876] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffe15b03fe0 7 bytes JMP 00007fff13610308 .text C:\Windows\System32\dwm.exe[6876] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffe15b306c0 7 bytes JMP 00007fff136101f0 .text C:\Windows\System32\dwm.exe[6876] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffe15b30730 7 bytes JMP 00007fff13610228 .text C:\Windows\System32\dwm.exe[6876] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffe136221d0 5 bytes JMP 00007fff13610180 .text C:\Windows\System32\dwm.exe[6876] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffe136229d0 7 bytes JMP 00007fff136100d8 .text C:\Windows\System32\dwm.exe[6876] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffe13624310 5 bytes JMP 00007fff13610110 .text C:\Windows\System32\dwm.exe[6876] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffe13628d80 5 bytes JMP 00007fff13610148 .text C:\Windows\System32\dwm.exe[6876] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffe1369f0b0 5 bytes JMP 00007fff136101b8 .text C:\Windows\System32\dwm.exe[6876] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffe15ed6d90 10 bytes JMP 00007fff13610458 .text C:\Windows\System32\dwm.exe[6876] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffe15ee74a0 5 bytes JMP 00007fff136103e8 .text C:\Windows\System32\dwm.exe[6876] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffe15ee7560 9 bytes JMP 00007fff13610378 .text C:\Windows\System32\dwm.exe[6876] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffe15ee7730 5 bytes JMP 00007fff13610420 .text C:\Windows\System32\dwm.exe[6876] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffe15ef6b10 5 bytes JMP 00007fff136103b0 .text C:\Windows\System32\dwm.exe[6876] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffe13fe1500 1 byte JMP 00007fff13610490 .text C:\Windows\System32\dwm.exe[6876] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffe13fe1502 6 bytes {JMP 0xffffffffff62ef90} .text C:\Windows\System32\dwm.exe[6876] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffe13fe1750 8 bytes JMP 00007fff136104c8 .text C:\Windows\System32\dwm.exe[6876] C:\Windows\System32\dxgi.dll!CreateDXGIFactory 00007ffe109f7750 5 bytes JMP 00007fff109e00d8 .text C:\Windows\System32\dwm.exe[6876] C:\Windows\System32\dxgi.dll!CreateDXGIFactory1 00007ffe109f8ee0 5 bytes JMP 00007fff109e0110 .text C:\Program Files\Elantech\ETDCtrl.exe[4508] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffe15a53e10 7 bytes JMP 00007fff13610260 .text C:\Program Files\Elantech\ETDCtrl.exe[4508] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffe15a53e20 7 bytes JMP 00007fff13610298 .text C:\Program Files\Elantech\ETDCtrl.exe[4508] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffe15b039b0 7 bytes JMP 00007fff13610340 .text C:\Program Files\Elantech\ETDCtrl.exe[4508] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffe15b03ef0 7 bytes JMP 00007fff136102d0 .text C:\Program Files\Elantech\ETDCtrl.exe[4508] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffe15b03fe0 7 bytes JMP 00007fff13610308 .text C:\Program Files\Elantech\ETDCtrl.exe[4508] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffe15b306c0 7 bytes JMP 00007fff136101f0 .text C:\Program Files\Elantech\ETDCtrl.exe[4508] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffe15b30730 7 bytes JMP 00007fff13610228 .text C:\Program Files\Elantech\ETDCtrl.exe[4508] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffe136221d0 5 bytes JMP 00007fff13610180 .text C:\Program Files\Elantech\ETDCtrl.exe[4508] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffe136229d0 7 bytes JMP 00007fff136100d8 .text C:\Program Files\Elantech\ETDCtrl.exe[4508] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffe13624310 5 bytes JMP 00007fff13610110 .text C:\Program Files\Elantech\ETDCtrl.exe[4508] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffe13628d80 5 bytes JMP 00007fff13610148 .text C:\Program Files\Elantech\ETDCtrl.exe[4508] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffe1369f0b0 5 bytes JMP 00007fff136101b8 .text C:\Program Files\Elantech\ETDCtrl.exe[4508] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffe15ed6d90 10 bytes JMP 00007fff13610458 .text C:\Program Files\Elantech\ETDCtrl.exe[4508] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffe15ee74a0 5 bytes JMP 00007fff136103e8 .text C:\Program Files\Elantech\ETDCtrl.exe[4508] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffe15ee7560 9 bytes JMP 00007fff13610378 .text C:\Program Files\Elantech\ETDCtrl.exe[4508] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffe15ee7730 5 bytes JMP 00007fff13610420 .text C:\Program Files\Elantech\ETDCtrl.exe[4508] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffe15ef6b10 5 bytes JMP 00007fff136103b0 .text C:\Program Files\Elantech\ETDCtrl.exe[4508] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffe13fe1500 1 byte JMP 00007fff13610490 .text C:\Program Files\Elantech\ETDCtrl.exe[4508] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffe13fe1502 6 bytes {JMP 0xffffffffff62ef90} .text C:\Program Files\Elantech\ETDCtrl.exe[4508] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffe13fe1750 8 bytes JMP 00007fff136104c8 .text C:\Program Files\Elantech\ETDCtrl.exe[4508] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffe15c8d050 7 bytes JMP 00007fff13610500 .text C:\Program Files\Elantech\ETDCtrl.exe[4508] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffe15cbb170 5 bytes JMP 00007fff13610538 .text C:\Windows\system32\taskhostex.exe[4232] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffe15a53e10 7 bytes JMP 00007fff13610260 .text C:\Windows\system32\taskhostex.exe[4232] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffe15a53e20 7 bytes JMP 00007fff13610298 .text C:\Windows\system32\taskhostex.exe[4232] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffe15b039b0 7 bytes JMP 00007fff13610340 .text C:\Windows\system32\taskhostex.exe[4232] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffe15b03ef0 7 bytes JMP 00007fff136102d0 .text C:\Windows\system32\taskhostex.exe[4232] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffe15b03fe0 7 bytes JMP 00007fff13610308 .text C:\Windows\system32\taskhostex.exe[4232] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffe15b306c0 7 bytes JMP 00007fff136101f0 .text C:\Windows\system32\taskhostex.exe[4232] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffe15b30730 7 bytes JMP 00007fff13610228 .text C:\Windows\system32\taskhostex.exe[4232] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffe136221d0 5 bytes JMP 00007fff13610180 .text C:\Windows\system32\taskhostex.exe[4232] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffe136229d0 7 bytes JMP 00007fff136100d8 .text C:\Windows\system32\taskhostex.exe[4232] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffe13624310 5 bytes JMP 00007fff13610110 .text C:\Windows\system32\taskhostex.exe[4232] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffe13628d80 5 bytes JMP 00007fff13610148 .text C:\Windows\system32\taskhostex.exe[4232] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffe1369f0b0 5 bytes JMP 00007fff136101b8 .text C:\Windows\system32\taskhostex.exe[4232] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW 00007ffe15ed6d90 10 bytes JMP 00007fff13610458 .text C:\Windows\system32\taskhostex.exe[4232] C:\Windows\SYSTEM32\user32.dll!EnumDisplayDevicesW 00007ffe15ee74a0 5 bytes JMP 00007fff136103e8 .text C:\Windows\system32\taskhostex.exe[4232] C:\Windows\SYSTEM32\user32.dll!DisplayConfigGetDeviceInfo 00007ffe15ee7560 9 bytes JMP 00007fff13610378 .text C:\Windows\system32\taskhostex.exe[4232] C:\Windows\SYSTEM32\user32.dll!ChangeDisplaySettingsExW 00007ffe15ee7730 5 bytes JMP 00007fff13610420 .text C:\Windows\system32\taskhostex.exe[4232] C:\Windows\SYSTEM32\user32.dll!EnumDisplayDevicesA 00007ffe15ef6b10 5 bytes JMP 00007fff136103b0 .text C:\Windows\system32\taskhostex.exe[4232] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffe13fe1500 1 byte JMP 00007fff13610490 .text C:\Windows\system32\taskhostex.exe[4232] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffe13fe1502 6 bytes {JMP 0xffffffffff62ef90} .text C:\Windows\system32\taskhostex.exe[4232] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffe13fe1750 8 bytes JMP 00007fff136104c8 .text C:\Windows\system32\igfxEM.exe[5704] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffe15a53e10 7 bytes JMP 00007fff13610260 .text C:\Windows\system32\igfxEM.exe[5704] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffe15a53e20 7 bytes JMP 00007fff13610298 .text C:\Windows\system32\igfxEM.exe[5704] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffe15b039b0 7 bytes JMP 00007fff13610340 .text C:\Windows\system32\igfxEM.exe[5704] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffe15b03ef0 7 bytes JMP 00007fff136102d0 .text C:\Windows\system32\igfxEM.exe[5704] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffe15b03fe0 7 bytes JMP 00007fff13610308 .text C:\Windows\system32\igfxEM.exe[5704] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffe15b306c0 7 bytes JMP 00007fff136101f0 .text C:\Windows\system32\igfxEM.exe[5704] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffe15b30730 7 bytes JMP 00007fff13610228 .text C:\Windows\system32\igfxEM.exe[5704] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffe136221d0 5 bytes JMP 00007fff13610180 .text C:\Windows\system32\igfxEM.exe[5704] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffe136229d0 7 bytes JMP 00007fff136100d8 .text C:\Windows\system32\igfxEM.exe[5704] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffe13624310 5 bytes JMP 00007fff13610110 .text C:\Windows\system32\igfxEM.exe[5704] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffe13628d80 5 bytes JMP 00007fff13610148 .text C:\Windows\system32\igfxEM.exe[5704] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffe1369f0b0 5 bytes JMP 00007fff136101b8 .text C:\Windows\system32\igfxEM.exe[5704] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffe15ed6d90 10 bytes JMP 00007fff13610458 .text C:\Windows\system32\igfxEM.exe[5704] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffe15ee74a0 5 bytes JMP 00007fff136103e8 .text C:\Windows\system32\igfxEM.exe[5704] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffe15ee7560 9 bytes JMP 00007fff13610378 .text C:\Windows\system32\igfxEM.exe[5704] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffe15ee7730 5 bytes JMP 00007fff13610420 .text C:\Windows\system32\igfxEM.exe[5704] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffe15ef6b10 5 bytes JMP 00007fff136103b0 .text C:\Windows\system32\igfxEM.exe[5704] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffe13fe1500 1 byte JMP 00007fff13610490 .text C:\Windows\system32\igfxEM.exe[5704] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffe13fe1502 6 bytes {JMP 0xffffffffff62ef90} .text C:\Windows\system32\igfxEM.exe[5704] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffe13fe1750 8 bytes JMP 00007fff136104c8 .text C:\Windows\system32\igfxEM.exe[5704] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffe15c8d050 7 bytes JMP 00007fff13610500 .text C:\Windows\system32\igfxEM.exe[5704] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffe15cbb170 5 bytes JMP 00007fff13610538 .text C:\Windows\system32\igfxHK.exe[5652] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffe15a53e10 7 bytes JMP 00007fff13610260 .text C:\Windows\system32\igfxHK.exe[5652] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffe15a53e20 7 bytes JMP 00007fff13610298 .text C:\Windows\system32\igfxHK.exe[5652] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffe15b039b0 7 bytes JMP 00007fff13610340 .text C:\Windows\system32\igfxHK.exe[5652] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffe15b03ef0 7 bytes JMP 00007fff136102d0 .text C:\Windows\system32\igfxHK.exe[5652] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffe15b03fe0 7 bytes JMP 00007fff13610308 .text C:\Windows\system32\igfxHK.exe[5652] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffe15b306c0 7 bytes JMP 00007fff136101f0 .text C:\Windows\system32\igfxHK.exe[5652] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffe15b30730 7 bytes JMP 00007fff13610228 .text C:\Windows\system32\igfxHK.exe[5652] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffe136221d0 5 bytes JMP 00007fff13610180 .text C:\Windows\system32\igfxHK.exe[5652] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffe136229d0 7 bytes JMP 00007fff136100d8 .text C:\Windows\system32\igfxHK.exe[5652] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffe13624310 5 bytes JMP 00007fff13610110 .text C:\Windows\system32\igfxHK.exe[5652] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffe13628d80 5 bytes JMP 00007fff13610148 .text C:\Windows\system32\igfxHK.exe[5652] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffe1369f0b0 5 bytes JMP 00007fff136101b8 .text C:\Windows\system32\igfxHK.exe[5652] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffe15ed6d90 10 bytes JMP 00007fff13610458 .text C:\Windows\system32\igfxHK.exe[5652] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffe15ee74a0 5 bytes JMP 00007fff136103e8 .text C:\Windows\system32\igfxHK.exe[5652] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffe15ee7560 9 bytes JMP 00007fff13610378 .text C:\Windows\system32\igfxHK.exe[5652] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffe15ee7730 5 bytes JMP 00007fff13610420 .text C:\Windows\system32\igfxHK.exe[5652] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffe15ef6b10 5 bytes JMP 00007fff136103b0 .text C:\Windows\system32\igfxHK.exe[5652] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffe13fe1500 1 byte JMP 00007fff13610490 .text C:\Windows\system32\igfxHK.exe[5652] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffe13fe1502 6 bytes {JMP 0xffffffffff62ef90} .text C:\Windows\system32\igfxHK.exe[5652] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffe13fe1750 8 bytes JMP 00007fff136104c8 .text C:\Windows\system32\igfxHK.exe[5652] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffe15c8d050 7 bytes JMP 00007fff13610500 .text C:\Windows\system32\igfxHK.exe[5652] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffe15cbb170 5 bytes JMP 00007fff13610538 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[2320] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffe15a53e10 7 bytes JMP 00007fff13610260 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[2320] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffe15a53e20 7 bytes JMP 00007fff13610298 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[2320] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffe15b039b0 7 bytes JMP 00007fff13610340 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[2320] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffe15b03ef0 7 bytes JMP 00007fff136102d0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[2320] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffe15b03fe0 7 bytes JMP 00007fff13610308 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[2320] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffe15b306c0 7 bytes JMP 00007fff136101f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[2320] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffe15b30730 7 bytes JMP 00007fff13610228 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[2320] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffe136221d0 5 bytes JMP 00007fff13610180 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[2320] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffe136229d0 7 bytes JMP 00007fff136100d8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[2320] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffe13624310 5 bytes JMP 00007fff13610110 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[2320] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffe13628d80 5 bytes JMP 00007fff13610148 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[2320] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffe1369f0b0 5 bytes JMP 00007fff136101b8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[2320] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffe15ed6d90 10 bytes JMP 00007fff13610458 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[2320] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffe15ee74a0 5 bytes JMP 00007fff136103e8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[2320] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffe15ee7560 9 bytes JMP 00007fff13610378 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[2320] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffe15ee7730 5 bytes JMP 00007fff13610420 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[2320] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffe15ef6b10 5 bytes JMP 00007fff136103b0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[2320] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffe13fe1500 1 byte JMP 00007fff13610490 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[2320] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffe13fe1502 6 bytes {JMP 0xffffffffff62ef90} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[2320] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffe13fe1750 8 bytes JMP 00007fff136104c8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6028] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffe15a53e10 7 bytes JMP 00007fff13610260 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6028] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffe15a53e20 7 bytes JMP 00007fff13610298 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6028] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffe15b039b0 7 bytes JMP 00007fff13610340 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6028] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffe15b03ef0 7 bytes JMP 00007fff136102d0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6028] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffe15b03fe0 7 bytes JMP 00007fff13610308 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6028] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffe15b306c0 7 bytes JMP 00007fff136101f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6028] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffe15b30730 7 bytes JMP 00007fff13610228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6028] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffe136221d0 5 bytes JMP 00007fff13610180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6028] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffe136229d0 7 bytes JMP 00007fff136100d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6028] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffe13624310 5 bytes JMP 00007fff13610110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6028] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffe13628d80 5 bytes JMP 00007fff13610148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6028] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffe1369f0b0 5 bytes JMP 00007fff136101b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6028] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffe15ed6d90 10 bytes JMP 00007fff13610458 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6028] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffe15ee74a0 5 bytes JMP 00007fff136103e8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6028] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffe15ee7560 9 bytes JMP 00007fff13610378 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6028] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffe15ee7730 5 bytes JMP 00007fff13610420 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6028] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffe15ef6b10 5 bytes JMP 00007fff136103b0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6028] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffe13fe1500 1 byte JMP 00007fff13610490 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6028] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffe13fe1502 6 bytes {JMP 0xffffffffff62ef90} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6028] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffe13fe1750 8 bytes JMP 00007fff136104c8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6028] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffe15c8d050 7 bytes JMP 00007fff13610500 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6028] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffe15cbb170 5 bytes JMP 00007fff13610538 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[96] C:\Windows\system32\KERNEL32.dll!K32GetModuleInformation 00007ffe15a53e10 7 bytes JMP 00007fff13610260 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[96] C:\Windows\system32\KERNEL32.dll!RegQueryValueExW 00007ffe15a53e20 7 bytes JMP 00007fff13610298 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[96] C:\Windows\system32\KERNEL32.dll!RegSetValueExW 00007ffe15b039b0 7 bytes JMP 00007fff13610340 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[96] C:\Windows\system32\KERNEL32.dll!RegDeleteValueW 00007ffe15b03ef0 7 bytes JMP 00007fff136102d0 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[96] C:\Windows\system32\KERNEL32.dll!RegSetValueExA 00007ffe15b03fe0 7 bytes JMP 00007fff13610308 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[96] C:\Windows\system32\KERNEL32.dll!K32EnumProcessModulesEx 00007ffe15b306c0 7 bytes JMP 00007fff136101f0 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[96] C:\Windows\system32\KERNEL32.dll!K32GetMappedFileNameW 00007ffe15b30730 7 bytes JMP 00007fff13610228 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[96] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffe136221d0 5 bytes JMP 00007fff13610180 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[96] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffe136229d0 7 bytes JMP 00007fff136100d8 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[96] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffe13624310 5 bytes JMP 00007fff13610110 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[96] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffe13628d80 5 bytes JMP 00007fff13610148 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[96] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffe1369f0b0 5 bytes JMP 00007fff136101b8 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[96] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffe15ed6d90 10 bytes JMP 00007fff13610458 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[96] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffe15ee74a0 5 bytes JMP 00007fff136103e8 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[96] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffe15ee7560 9 bytes JMP 00007fff13610378 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[96] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffe15ee7730 5 bytes JMP 00007fff13610420 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[96] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffe15ef6b10 5 bytes JMP 00007fff136103b0 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[96] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffe13fe1500 1 byte JMP 00007fff13610490 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[96] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffe13fe1502 6 bytes {JMP 0xffffffffff62ef90} .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[96] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffe13fe1750 8 bytes JMP 00007fff136104c8 .text C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe[6176] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 00000000726a1003 2 bytes [6A, 72] .text C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe[6176] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 00000000726a1016 2 bytes [6A, 72] .text C:\Windows\system32\wbem\unsecapp.exe[4812] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffe15a53e10 7 bytes JMP 00007fff13610260 .text C:\Windows\system32\wbem\unsecapp.exe[4812] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffe15a53e20 7 bytes JMP 00007fff13610298 .text C:\Windows\system32\wbem\unsecapp.exe[4812] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffe15b039b0 7 bytes JMP 00007fff13610340 .text C:\Windows\system32\wbem\unsecapp.exe[4812] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffe15b03ef0 7 bytes JMP 00007fff136102d0 .text C:\Windows\system32\wbem\unsecapp.exe[4812] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffe15b03fe0 7 bytes JMP 00007fff13610308 .text C:\Windows\system32\wbem\unsecapp.exe[4812] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffe15b306c0 7 bytes JMP 00007fff136101f0 .text C:\Windows\system32\wbem\unsecapp.exe[4812] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffe15b30730 7 bytes JMP 00007fff13610228 .text C:\Windows\system32\wbem\unsecapp.exe[4812] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffe136221d0 5 bytes JMP 00007fff13610180 .text C:\Windows\system32\wbem\unsecapp.exe[4812] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffe136229d0 7 bytes JMP 00007fff136100d8 .text C:\Windows\system32\wbem\unsecapp.exe[4812] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffe13624310 5 bytes JMP 00007fff13610110 .text C:\Windows\system32\wbem\unsecapp.exe[4812] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffe13628d80 5 bytes JMP 00007fff13610148 .text C:\Windows\system32\wbem\unsecapp.exe[4812] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffe1369f0b0 5 bytes JMP 00007fff136101b8 .text C:\Windows\system32\wbem\unsecapp.exe[4812] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW 00007ffe15ed6d90 10 bytes JMP 00007fff13610458 .text C:\Windows\system32\wbem\unsecapp.exe[4812] C:\Windows\SYSTEM32\user32.dll!EnumDisplayDevicesW 00007ffe15ee74a0 5 bytes JMP 00007fff136103e8 .text C:\Windows\system32\wbem\unsecapp.exe[4812] C:\Windows\SYSTEM32\user32.dll!DisplayConfigGetDeviceInfo 00007ffe15ee7560 9 bytes JMP 00007fff13610378 .text C:\Windows\system32\wbem\unsecapp.exe[4812] C:\Windows\SYSTEM32\user32.dll!ChangeDisplaySettingsExW 00007ffe15ee7730 5 bytes JMP 00007fff13610420 .text C:\Windows\system32\wbem\unsecapp.exe[4812] C:\Windows\SYSTEM32\user32.dll!EnumDisplayDevicesA 00007ffe15ef6b10 5 bytes JMP 00007fff136103b0 .text C:\Windows\system32\wbem\unsecapp.exe[4812] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffe13fe1500 1 byte JMP 00007fff13610490 .text C:\Windows\system32\wbem\unsecapp.exe[4812] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffe13fe1502 6 bytes {JMP 0xffffffffff62ef90} .text C:\Windows\system32\wbem\unsecapp.exe[4812] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffe13fe1750 8 bytes JMP 00007fff136104c8 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6764] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 00000000726a1003 2 bytes [6A, 72] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6764] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 00000000726a1016 2 bytes [6A, 72] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3412] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffe15a53e10 7 bytes JMP 00007fff13610260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3412] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffe15a53e20 7 bytes JMP 00007fff13610298 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3412] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffe15b039b0 7 bytes JMP 00007fff13610340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3412] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffe15b03ef0 7 bytes JMP 00007fff136102d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3412] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffe15b03fe0 7 bytes JMP 00007fff13610308 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3412] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffe15b306c0 7 bytes JMP 00007fff136101f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3412] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffe15b30730 7 bytes JMP 00007fff13610228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3412] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffe136221d0 5 bytes JMP 00007fff13610180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3412] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffe136229d0 7 bytes JMP 00007fff136100d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3412] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffe13624310 5 bytes JMP 00007fff13610110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3412] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffe13628d80 5 bytes JMP 00007fff13610148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3412] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffe1369f0b0 5 bytes JMP 00007fff136101b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3412] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffe15ed6d90 10 bytes JMP 00007fff13610458 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3412] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffe15ee74a0 5 bytes JMP 00007fff136103e8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3412] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffe15ee7560 9 bytes JMP 00007fff13610378 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3412] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffe15ee7730 5 bytes JMP 00007fff13610420 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3412] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffe15ef6b10 5 bytes JMP 00007fff136103b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3412] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffe13fe1500 1 byte JMP 00007fff13610490 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3412] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffe13fe1502 6 bytes {JMP 0xffffffffff62ef90} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3412] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffe13fe1750 8 bytes JMP 00007fff136104c8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3412] C:\Windows\SYSTEM32\d3d9.dll!Direct3DCreate9Ex 00007ffe0851ead0 5 bytes JMP 00007ffe136105a8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3412] C:\Windows\SYSTEM32\d3d9.dll!Direct3DCreate9 00007ffe0854eb90 6 bytes JMP 00007ffe13610570 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3412] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffe15c8d050 7 bytes JMP 00007fff13610500 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3412] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffe15cbb170 5 bytes JMP 00007fff13610538 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2208] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffe15a53e10 7 bytes JMP 00007fff13610260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2208] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffe15a53e20 7 bytes JMP 00007fff13610298 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2208] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffe15b039b0 7 bytes JMP 00007fff13610340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2208] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffe15b03ef0 7 bytes JMP 00007fff136102d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2208] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffe15b03fe0 7 bytes JMP 00007fff13610308 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2208] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffe15b306c0 7 bytes JMP 00007fff136101f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2208] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffe15b30730 7 bytes JMP 00007fff13610228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2208] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffe136221d0 5 bytes JMP 00007fff13610180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2208] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffe136229d0 7 bytes JMP 00007fff136100d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2208] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffe13624310 5 bytes JMP 00007fff13610110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2208] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffe13628d80 5 bytes JMP 00007fff13610148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2208] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffe1369f0b0 5 bytes JMP 00007fff136101b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2208] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffe15c8d050 7 bytes JMP 00007fff13610500 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2208] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffe15cbb170 5 bytes JMP 00007fff13610538 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2208] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffe15ed6d90 10 bytes JMP 00007fff13610458 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2208] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffe15ee74a0 5 bytes JMP 00007fff136103e8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2208] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffe15ee7560 9 bytes JMP 00007fff13610378 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2208] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffe15ee7730 5 bytes JMP 00007fff13610420 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2208] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffe15ef6b10 5 bytes JMP 00007fff136103b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2208] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffe13fe1500 1 byte JMP 00007fff13610490 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2208] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffe13fe1502 6 bytes {JMP 0xffffffffff62ef90} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2208] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffe13fe1750 8 bytes JMP 00007fff136104c8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2220] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffe15a53e10 7 bytes JMP 00007fff13610260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2220] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffe15a53e20 7 bytes JMP 00007fff13610298 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2220] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffe15b039b0 7 bytes JMP 00007fff13610340 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2220] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffe15b03ef0 7 bytes JMP 00007fff136102d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2220] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffe15b03fe0 7 bytes JMP 00007fff13610308 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2220] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffe15b306c0 7 bytes JMP 00007fff136101f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2220] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffe15b30730 7 bytes JMP 00007fff13610228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2220] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffe136221d0 5 bytes JMP 00007fff13610180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2220] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffe136229d0 7 bytes JMP 00007fff136100d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2220] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffe13624310 5 bytes JMP 00007fff13610110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2220] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffe13628d80 5 bytes JMP 00007fff13610148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2220] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffe1369f0b0 5 bytes JMP 00007fff136101b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2220] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffe15ed6d90 10 bytes JMP 00007fff13610458 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2220] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffe15ee74a0 5 bytes JMP 00007fff136103e8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2220] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffe15ee7560 9 bytes JMP 00007fff13610378 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2220] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffe15ee7730 5 bytes JMP 00007fff13610420 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2220] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffe15ef6b10 5 bytes JMP 00007fff136103b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2220] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffe13fe1500 1 byte JMP 00007fff13610490 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2220] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffe13fe1502 6 bytes {JMP 0xffffffffff62ef90} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2220] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffe13fe1750 8 bytes JMP 00007fff136104c8 .text F:\Chrome\FRST64.exe[840] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffe15a53e10 7 bytes JMP 00007fff13610260 .text F:\Chrome\FRST64.exe[840] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffe15a53e20 7 bytes JMP 00007fff13610298 .text F:\Chrome\FRST64.exe[840] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffe15b039b0 7 bytes JMP 00007fff13610340 .text F:\Chrome\FRST64.exe[840] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffe15b03ef0 7 bytes JMP 00007fff136102d0 .text F:\Chrome\FRST64.exe[840] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffe15b03fe0 7 bytes JMP 00007fff13610308 .text F:\Chrome\FRST64.exe[840] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffe15b306c0 7 bytes JMP 00007fff136101f0 .text F:\Chrome\FRST64.exe[840] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffe15b30730 7 bytes JMP 00007fff13610228 .text F:\Chrome\FRST64.exe[840] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffe136221d0 5 bytes JMP 00007fff13610180 .text F:\Chrome\FRST64.exe[840] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffe136229d0 7 bytes JMP 00007fff136100d8 .text F:\Chrome\FRST64.exe[840] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffe13624310 5 bytes JMP 00007fff13610110 .text F:\Chrome\FRST64.exe[840] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffe13628d80 5 bytes JMP 00007fff13610148 .text F:\Chrome\FRST64.exe[840] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffe1369f0b0 5 bytes JMP 00007fff136101b8 .text F:\Chrome\FRST64.exe[840] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffe15ee74a0 5 bytes JMP 00007fff136103e8 .text F:\Chrome\FRST64.exe[840] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffe15ee7560 9 bytes JMP 00007fff13610378 .text F:\Chrome\FRST64.exe[840] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffe15ee7730 5 bytes JMP 00007fff13610420 .text F:\Chrome\FRST64.exe[840] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffe15ef6b10 5 bytes JMP 00007fff136103b0 .text F:\Chrome\FRST64.exe[840] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffe13fe1500 1 byte JMP 00007fff13610490 .text F:\Chrome\FRST64.exe[840] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffe13fe1502 6 bytes {JMP 0xffffffffff62ef90} .text F:\Chrome\FRST64.exe[840] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffe13fe1750 8 bytes JMP 00007fff136104c8 .text C:\Windows\SYSTEM32\notepad.exe[4264] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffe15a53e10 7 bytes JMP 00007fff13610260 .text C:\Windows\SYSTEM32\notepad.exe[4264] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffe15a53e20 7 bytes JMP 00007fff13610298 .text C:\Windows\SYSTEM32\notepad.exe[4264] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffe15b039b0 7 bytes JMP 00007fff13610340 .text C:\Windows\SYSTEM32\notepad.exe[4264] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffe15b03ef0 7 bytes JMP 00007fff136102d0 .text C:\Windows\SYSTEM32\notepad.exe[4264] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffe15b03fe0 7 bytes JMP 00007fff13610308 .text C:\Windows\SYSTEM32\notepad.exe[4264] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffe15b306c0 7 bytes JMP 00007fff136101f0 .text C:\Windows\SYSTEM32\notepad.exe[4264] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffe15b30730 7 bytes JMP 00007fff13610228 .text C:\Windows\SYSTEM32\notepad.exe[4264] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffe136221d0 5 bytes JMP 00007fff13610180 .text C:\Windows\SYSTEM32\notepad.exe[4264] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffe136229d0 7 bytes JMP 00007fff136100d8 .text C:\Windows\SYSTEM32\notepad.exe[4264] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffe13624310 5 bytes JMP 00007fff13610110 .text C:\Windows\SYSTEM32\notepad.exe[4264] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffe13628d80 5 bytes JMP 00007fff13610148 .text C:\Windows\SYSTEM32\notepad.exe[4264] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffe1369f0b0 5 bytes JMP 00007fff136101b8 .text C:\Windows\SYSTEM32\notepad.exe[4264] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffe13fe1500 1 byte JMP 00007fff13610490 .text C:\Windows\SYSTEM32\notepad.exe[4264] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffe13fe1502 6 bytes {JMP 0xffffffffff62ef90} .text C:\Windows\SYSTEM32\notepad.exe[4264] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffe13fe1750 8 bytes JMP 00007fff136104c8 .text C:\Windows\SYSTEM32\notepad.exe[4264] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffe15ed6d90 10 bytes JMP 00007fff13610458 .text C:\Windows\SYSTEM32\notepad.exe[4264] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffe15ee74a0 5 bytes JMP 00007fff136103e8 .text C:\Windows\SYSTEM32\notepad.exe[4264] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffe15ee7560 9 bytes JMP 00007fff13610378 .text C:\Windows\SYSTEM32\notepad.exe[4264] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffe15ee7730 5 bytes JMP 00007fff13610420 .text C:\Windows\SYSTEM32\notepad.exe[4264] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffe15ef6b10 5 bytes JMP 00007fff136103b0 .text C:\Windows\SYSTEM32\notepad.exe[4264] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffe15c8d050 7 bytes JMP 00007fff13610500 .text C:\Windows\SYSTEM32\notepad.exe[4264] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffe15cbb170 5 bytes JMP 00007fff13610538 .text C:\Windows\SYSTEM32\notepad.exe[5644] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffe15a53e10 7 bytes JMP 00007fff13610260 .text C:\Windows\SYSTEM32\notepad.exe[5644] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffe15a53e20 7 bytes JMP 00007fff13610298 .text C:\Windows\SYSTEM32\notepad.exe[5644] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffe15b039b0 7 bytes JMP 00007fff13610340 .text C:\Windows\SYSTEM32\notepad.exe[5644] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffe15b03ef0 7 bytes JMP 00007fff136102d0 .text C:\Windows\SYSTEM32\notepad.exe[5644] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffe15b03fe0 7 bytes JMP 00007fff13610308 .text C:\Windows\SYSTEM32\notepad.exe[5644] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffe15b306c0 7 bytes JMP 00007fff136101f0 .text C:\Windows\SYSTEM32\notepad.exe[5644] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffe15b30730 7 bytes JMP 00007fff13610228 .text C:\Windows\SYSTEM32\notepad.exe[5644] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffe136221d0 5 bytes JMP 00007fff13610180 .text C:\Windows\SYSTEM32\notepad.exe[5644] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffe136229d0 7 bytes JMP 00007fff136100d8 .text C:\Windows\SYSTEM32\notepad.exe[5644] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffe13624310 5 bytes JMP 00007fff13610110 .text C:\Windows\SYSTEM32\notepad.exe[5644] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffe13628d80 5 bytes JMP 00007fff13610148 .text C:\Windows\SYSTEM32\notepad.exe[5644] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffe1369f0b0 5 bytes JMP 00007fff136101b8 .text C:\Windows\SYSTEM32\notepad.exe[5644] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffe13fe1500 1 byte JMP 00007fff13610490 .text C:\Windows\SYSTEM32\notepad.exe[5644] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffe13fe1502 6 bytes {JMP 0xffffffffff62ef90} .text C:\Windows\SYSTEM32\notepad.exe[5644] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffe13fe1750 8 bytes JMP 00007fff136104c8 .text C:\Windows\SYSTEM32\notepad.exe[5644] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffe15ed6d90 10 bytes JMP 00007fff13610458 .text C:\Windows\SYSTEM32\notepad.exe[5644] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffe15ee74a0 5 bytes JMP 00007fff136103e8 .text C:\Windows\SYSTEM32\notepad.exe[5644] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffe15ee7560 9 bytes JMP 00007fff13610378 .text C:\Windows\SYSTEM32\notepad.exe[5644] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffe15ee7730 5 bytes JMP 00007fff13610420 .text C:\Windows\SYSTEM32\notepad.exe[5644] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffe15ef6b10 5 bytes JMP 00007fff136103b0 .text C:\Windows\SYSTEM32\notepad.exe[5644] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffe15c8d050 7 bytes JMP 00007fff13610500 .text C:\Windows\SYSTEM32\notepad.exe[5644] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffe15cbb170 5 bytes JMP 00007fff13610538 .text C:\Windows\SYSTEM32\notepad.exe[3024] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffe15a53e10 7 bytes JMP 00007fff13610260 .text C:\Windows\SYSTEM32\notepad.exe[3024] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffe15a53e20 7 bytes JMP 00007fff13610298 .text C:\Windows\SYSTEM32\notepad.exe[3024] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffe15b039b0 7 bytes JMP 00007fff13610340 .text C:\Windows\SYSTEM32\notepad.exe[3024] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffe15b03ef0 7 bytes JMP 00007fff136102d0 .text C:\Windows\SYSTEM32\notepad.exe[3024] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffe15b03fe0 7 bytes JMP 00007fff13610308 .text C:\Windows\SYSTEM32\notepad.exe[3024] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffe15b306c0 7 bytes JMP 00007fff136101f0 .text C:\Windows\SYSTEM32\notepad.exe[3024] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffe15b30730 7 bytes JMP 00007fff13610228 .text C:\Windows\SYSTEM32\notepad.exe[3024] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffe136221d0 5 bytes JMP 00007fff13610180 .text C:\Windows\SYSTEM32\notepad.exe[3024] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffe136229d0 7 bytes JMP 00007fff136100d8 .text C:\Windows\SYSTEM32\notepad.exe[3024] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffe13624310 5 bytes JMP 00007fff13610110 .text C:\Windows\SYSTEM32\notepad.exe[3024] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffe13628d80 5 bytes JMP 00007fff13610148 .text C:\Windows\SYSTEM32\notepad.exe[3024] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffe1369f0b0 5 bytes JMP 00007fff136101b8 .text C:\Windows\SYSTEM32\notepad.exe[3024] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffe13fe1500 1 byte JMP 00007fff13610490 .text C:\Windows\SYSTEM32\notepad.exe[3024] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffe13fe1502 6 bytes {JMP 0xffffffffff62ef90} .text C:\Windows\SYSTEM32\notepad.exe[3024] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffe13fe1750 8 bytes JMP 00007fff136104c8 .text C:\Windows\SYSTEM32\notepad.exe[3024] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffe15ed6d90 10 bytes JMP 00007fff13610458 .text C:\Windows\SYSTEM32\notepad.exe[3024] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffe15ee74a0 5 bytes JMP 00007fff136103e8 .text C:\Windows\SYSTEM32\notepad.exe[3024] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffe15ee7560 9 bytes JMP 00007fff13610378 .text C:\Windows\SYSTEM32\notepad.exe[3024] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffe15ee7730 5 bytes JMP 00007fff13610420 .text C:\Windows\SYSTEM32\notepad.exe[3024] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffe15ef6b10 5 bytes JMP 00007fff136103b0 .text C:\Windows\SYSTEM32\notepad.exe[3024] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffe15c8d050 7 bytes JMP 00007fff13610500 .text C:\Windows\SYSTEM32\notepad.exe[3024] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffe15cbb170 5 bytes JMP 00007fff13610538 .text F:\Chrome\07l63n8l.exe[6624] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 00000000711e1003 2 bytes [1E, 71] .text F:\Chrome\07l63n8l.exe[6624] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 00000000711e1016 2 bytes [1E, 71] ---- Threads - GMER 2.1 ---- Thread C:\Windows\system32\csrss.exe [6796:1660] fffff960009922d0 Thread C:\Windows\Explorer.EXE [4780:2100] 00007ffe109be630 Thread C:\Windows\Explorer.EXE [4780:2152] 00007ffe109be630 Thread C:\Windows\Explorer.EXE [4780:4384] 00007ffe10f8e630 Thread C:\Windows\Explorer.EXE [4780:2872] 00007ffe10f8e630 Thread C:\Windows\Explorer.EXE [4780:5600] 00007ffe10d7e630 Thread C:\Windows\Explorer.EXE [4780:6772] 00007ffe10d7e630 Thread C:\Windows\Explorer.EXE [4780:4088] 00007ffe10d7e630 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 2080702509 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\54271e0c7df2 Reg HKLM\SYSTEM\CurrentControlSet\Services\ngvss\Parameters@asserts ?????